16 Jul, 2014

1 commit

  • r3353:3535 https://svn.forgerock.org/openidm/branches/3.1-earlyprototype
    
    
    
    git-svn-id: https://svn.forgerock.org/openidm/trunk@3537 d98387aa-ee2c-4292-a9e6-504d2a719fd3
    brmiller
     

15 Jul, 2014

3 commits


14 Jul, 2014

1 commit


10 Jul, 2014

2 commits


09 Jul, 2014

2 commits


03 Jul, 2014

1 commit


27 Jun, 2014

2 commits


26 Jun, 2014

1 commit


25 Jun, 2014

2 commits


20 Jun, 2014

1 commit

  • Retool the way the preliminary security context gets passed to the augmentation script
    and how the updated context from the script gets repersisted in MessageInfo's context map.
    Replaces implementation from CR-3752.
    
    
    
    git-svn-id: https://svn.forgerock.org/openidm/trunk@3430 d98387aa-ee2c-4292-a9e6-504d2a719fd3
    brmiller
     

19 Jun, 2014

1 commit


18 Jun, 2014

3 commits


17 Jun, 2014

3 commits

  • Disabling MANAGED_USER auth module for several samples, in favor of PASSTHROUGH to system/ldap/account
    
    Just toggled a boolean config value; no review necessary. Rationale for change:
    
    Previously, we attempted to authenticate using MANAGED_USER first, followed by a few others and then 
    finally PASSTHROUGH. The reason it was first created it this way was so that if there was a fully-
    populated managed/user entry, it would not need to query the remote system. This works fine if you 
    are syncing passwords between managed/user and the remote backend, but as mentioned in OPENIDM-1953, 
    that isn't always the case. To compound this problem, there is also the new function around role 
    calculation; this is per-auth module, and so if you want to calculate roles for a given user you would 
    need to do it for both MANAGED_USER and PASSTHROUGH, if they were both enabled. This redundancy is 
    annoying and a likely source of confusion. So, this change is to just disable the MANAGED_USER auth 
    module, and always use the PASSTHROUGH config.
    
    git-svn-id: https://svn.forgerock.org/openidm/trunk@3404 d98387aa-ee2c-4292-a9e6-504d2a719fd3
    jake.feasel
     
  • git-svn-id: https://svn.forgerock.org/openidm/trunk@3403 d98387aa-ee2c-4292-a9e6-504d2a719fd3
    jake.feasel
     
  • git-svn-id: https://svn.forgerock.org/openidm/trunk@3401 d98387aa-ee2c-4292-a9e6-504d2a719fd3
    laurent.bristiel
     

12 Jun, 2014

2 commits


11 Jun, 2014

1 commit


10 Jun, 2014

1 commit


09 Jun, 2014

2 commits


05 Jun, 2014

1 commit


04 Jun, 2014

4 commits


03 Jun, 2014

3 commits


02 Jun, 2014

2 commits


30 May, 2014

1 commit

  • Support reauth for any auth module configured in authentication.json.
     * AuthenticationService now handles requests on /authentication, replaciing
       AuthFilter which was not a filter, and did not fully handle reauth.
     * Authenticators are used from both JASPI auth modules and AuthenticationService
       to provide the authentication--either with Http headers in the case of the 
       auth modules, or from the authcid in the HttpContext and the reauth header 
       in the case of reauthentication.
     * AuthenticationService now satisfies the AuthenticationConfig service for 
       the purposes of OSGiAuthFilterBuilder's access to the config to build the 
       JASPI CAF.
     * The duplicative managed/user config at the top of the sample authentication.json 
       files are now removed, thus satisfying OPENIDM-1781.
    
    
    
    git-svn-id: https://svn.forgerock.org/openidm/trunk@3282 d98387aa-ee2c-4292-a9e6-504d2a719fd3
    brmiller